Cyber Incident Victim: University of Calgary

In September 2015, the University of Calgary experienced a security breach targeting its PeopleSoft system, which primarily managed employee records. The incident involved unauthorized access to 29 staff member accounts, with 13 of those accounts having banking information altered. The breach directly impacted payroll processing, resulting in at least 13 employees not receiving their scheduled payments on September 25. University administration detected the intrusion on the afternoon of September 25 and characterized it as an isolated incident. Immediate financial consequences emerged as altered banking details disrupted normal salary disbursement. Student records and accounts remained unaffected throughout the event. The compromised accounts were swiftly locked and disconnected from the university's internal network to prevent further unauthorized activity.

University officials, including Vice President of Finance and Services Linda Dalgetty, communicated details of the breach to staff via formal correspondence. Alternate payment arrangements were implemented to ensure affected employees received owed wages despite the payroll system compromise. The institution mobilized multiple investigative resources, tasking its privacy officer and campus security department with internal reviews. Calgary Police Service simultaneously launched a criminal investigation into the fraudulent access and banking alterations. No public statements revealed whether suspects were identified or what specific methods were used to breach the system. The university maintained operational continuity for non-compromised systems while containing the incident's scope to the targeted employee accounts.